Skip to content

Move issuance pending from Deferred Credential Error Response to Deferred Credential Response and move interval parameter to Credential Response #492

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
May 30, 2025
Merged

Move issuance pending from Deferred Credential Error Response to Deferred Credential Response and move interval parameter to Credential Response #492

merged 9 commits into from
May 30, 2025

Conversation

@paulbastian
Copy link
Contributor

@paulbastian paulbastian commented May 7, 2025
edited
Loading

Closes #1
Closes #226

  • I moved the pending_issuance Deferred Credential Response Error to the regular Deferred Credential Response
  • I moved the interval parameter from Deferred Credential Response Error to the Credential Response
  • I changed the interval from OPTIONAL to REQUIRED (see thread discussion)
  • I added an example of a Deferred Credential Response containg no Credentials but only new interval

@paulbastian
Move issuance pending from Deferred Credential Error Response to Defe…
3c93c9d 
…rred Credential Response, move interval to Credential Response
@paulbastian paulbastian changed the title Move issuance pending from Deferred Credential Error Response to Defe… Move issuance pending from Deferred Credential Error Response to Deferred Credential Response and move interval parameter to Credential Response May 7, 2025
TimoGlastra
TimoGlastra reviewed May 8, 2025
View reviewed changes
@paulbastian @TimoGlastra
Update openid-4-verifiable-credential-issuance-1_0.md
cfa0c0f 
Co-authored-by: Timo Glastra <timo@animo.id>
charsleysa
charsleysa reviewed May 8, 2025
View reviewed changes
@paulbastian @charsleysa
Update openid-4-verifiable-credential-issuance-1_0.md
9a3cf64 
Co-authored-by: Stefan Charsley <charsleysa@gmail.com>
tplooker
tplooker reviewed May 8, 2025
View reviewed changes
awoie
awoie reviewed May 20, 2025
View reviewed changes
Copy link
Contributor

@awoie awoie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

generally fine with the direction but we should consider interval being mandatory.

tplooker
tplooker reviewed May 23, 2025
View reviewed changes
jogu
jogu reviewed May 23, 2025
View reviewed changes
@paulbastian @jogu
Update openid-4-verifiable-credential-issuance-1_0.md
9548858 
Co-authored-by: Joseph Heenan <joseph@authlete.com>
tplooker
tplooker reviewed May 23, 2025
View reviewed changes
tplooker
tplooker reviewed May 23, 2025
View reviewed changes
openid-4-verifiable-credential-issuance-1_0.md Outdated
Deferred Credential Response may either contain the requested Credentials or further defer the issuance:

* If the Credential Issuer is able to issue the requested Credentials, the Deferred Credential Response MUST use the `credentials` parameter as defined in (#credential-response) and MUST respond with the HTTP status code 200 (see Section 15.3.3 of [@!RFC9110]).
* If the Credential Issuer still requires more time, the Deferred Credential Response MAY use the `interval` parameter as defined in (#credential-response) and MUST respond with the HTTP status code 202 (see Section 15.3.3 of [@!RFC9110]).
Copy link
Contributor

@tplooker tplooker May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* If the Credential Issuer still requires more time, the Deferred Credential Response MAY use the `interval` parameter as defined in (#credential-response) and MUST respond with the HTTP status code 202 (see Section 15.3.3 of [@!RFC9110]).
* If the Credential Issuer still requires more time, the response MUST use the HTTP status code 202 (see Section 15.3.3 of [@!RFC9110]).

Copy link
Contributor

@jogu jogu May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we're significantly under defining the "still requires more time" response now, it must include interval right?

Copy link
Contributor Author

@paulbastian paulbastian May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, I caught the same in the meantime :) However my suggestion was to require interval in the new response. WDYT?

Copy link
Contributor

@jogu jogu May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@paulbastian I'm good with that.

paulbastian and others added 2 commits May 23, 2025 11:36
jogu
jogu reviewed May 23, 2025
View reviewed changes
openid-4-verifiable-credential-issuance-1_0.md
* If the Credential Issuer is able to issue the requested Credentials, the Deferred Credential Response MUST use the `credentials` parameter as defined in (#credential-response) and MUST respond with the HTTP status code 200 (see Section 15.3.3 of [@!RFC9110]).
* If the Credential Issuer still requires more time, the Deferred Credential Response MAY use the `interval` parameter as defined in (#credential-response) and MUST respond with the HTTP status code 202 (see Section 15.3.3 of [@!RFC9110]).

The Deferred Credential Response MAY use the `notification_id` parameter as defined in (#credential-response).
Copy link
Contributor

@jogu jogu May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be in the "is able to issue" paragraph?

openid-4-verifiable-credential-issuance-1_0.md Outdated
Deferred Credential Response may either contain the requested Credentials or further defer the issuance:

* If the Credential Issuer is able to issue the requested Credentials, the Deferred Credential Response MUST use the `credentials` parameter as defined in (#credential-response) and MUST respond with the HTTP status code 200 (see Section 15.3.3 of [@!RFC9110]).
* If the Credential Issuer still requires more time, the Deferred Credential Response MAY use the `interval` parameter as defined in (#credential-response) and MUST respond with the HTTP status code 202 (see Section 15.3.3 of [@!RFC9110]).
Copy link
Contributor

@jogu jogu May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we're significantly under defining the "still requires more time" response now, it must include interval right?

sloops77
sloops77 reviewed May 23, 2025
View reviewed changes
openid-4-verifiable-credential-issuance-1_0.md
## Deferred Credential Response {#deferred-credential-response}

The Deferred Credential Response uses the `credentials` and `notification_id` parameters as defined in (#credential-response).
A Deferred Credential Response may either contain the requested Credentials or further defer the issuance:
Copy link
Contributor

@sloops77 sloops77 May 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The response can also indicate that there are no credentials for the holder (for a variety of reasons) and that the wallet should not poll any longer. I think it's worth adding normative description of what this response looks like. One of the following probably:

  • 204
  • 200 with an empty response
  • 200 & and empty credentials array
  • 400 & error credential_request_denied or a new error code such as no_deferred_credential

Copy link
Contributor

@jogu jogu May 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is out of scope for this PR. I'll convert it into a new issue instead.

@sloops77
Copy link
Contributor

sloops77 commented May 24, 2025

@paulbastian This PR brings even closer alignment between the credential and deferred endpoints. I think WG should reconsider merging them.

  • It would mean transaction_id is acceptable on the credential request, along with the corresponding extra error response.
  • Additionally is there a benefit in allowing proofs to be resent on each request?

@paulbastian
Copy link
Contributor Author

paulbastian commented May 24, 2025

@paulbastian This PR brings even closer alignment between the credential and deferred endpoints. I think WG should reconsider merging them.

  • It would mean transaction_id is acceptable on the credential request, along with the corresponding extra error response.
  • Additionally is there a benefit in allowing proofs to be resent on each request?

Yes. I'm pushing in the same direction. Consider it a preparation step.

@GarethCOliver
Copy link
Contributor

GarethCOliver commented May 27, 2025

@paulbastian This PR brings even closer alignment between the credential and deferred endpoints. I think WG should reconsider merging them.

  • It would mean transaction_id is acceptable on the credential request, along with the corresponding extra error response.
  • Additionally is there a benefit in allowing proofs to be resent on each request?

+1 to this. Having two versions of the same thing lead to exactly this sort of skew. It'll be valuable for future implementors to also know that the message for the request/response are necessarily, simply with slightly different restriction.

@Sakurann Sakurann added this to the Final 1.0 milestone May 28, 2025
@jogu jogu mentioned this pull request May 30, 2025
Closed
@jogu jogu merged commit 16c8797 into main May 30, 2025
2 checks passed
@jogu jogu mentioned this pull request May 30, 2025
Merged
@GarethCOliver GarethCOliver mentioned this pull request Jun 3, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tplooker tplooker tplooker left review comments

@TimoGlastra TimoGlastra TimoGlastra left review comments

@awoie awoie awoie left review comments

@jogu jogu jogu approved these changes

@charsleysa charsleysa charsleysa approved these changes

@GarethCOliver GarethCOliver GarethCOliver approved these changes

@danielfett danielfett Awaiting requested review from danielfett

@c2bo c2bo Awaiting requested review from c2bo

@Sakurann Sakurann Awaiting requested review from Sakurann

@martijnharing martijnharing Awaiting requested review from martijnharing

@bc-pi bc-pi Awaiting requested review from bc-pi

+1 more reviewer

@sloops77 sloops77 sloops77 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Final 1.0

Development

Successfully merging this pull request may close these issues.

Deferred Credential Error represents non-error cases [ID-2] Credential Issuance: retry_in parameter for deferred credentials